Configuring Squid can be challenging at times but here is a simple and easy example of how to block sites. Let’s start!
Let’s first go ahead and outline what we would like to accomplish. This Squid proxy will be located in a school where students’ Internet access must be filtered. Due to school policy, certain sites must be blocked to protect students and minimize distractions/disruptions. We’ll define two requirements:
Let’s create a minimal config for Squid. Make /etc/squid/squid.conf look like this:
# Service Configuration
http_port 10.1.1.10:3128
# ACLs
## Deny access to certain websites for students only
acl student_workstations src 10.1.16.0/20
acl blocked_sites dstdomain "/etc/squid/blocked_sites.txt"
http_access deny blocked_sites student_workstations
As you can see in the configuration above, we’ve set the listening port and our first ACL. The ACL blocks access to a list of sites (listed in /etc/squid/blocked_sites.txt) for all users sourcing from a device in the 10.1.16.0/20 subnet (which is where the students are located). In our /etc/squid/blocked_sites.txt, we’ll add a site to test:
.hulu.com
Go ahead and check your configuration and then restart the service:
squid -k reconfigure
systemctl restart squid
Now, from a student workstation, we’ll try to browse to two sites – one of which is blocked (Hulu) and one that should be allowed by default (World Factbook):
Looks like our config works!